7488 matches found
PT-2024-1066 · Openvpn · Openvpn Connect
Name of the Vulnerable Software and Affected Versions: OpenVPN Connect versions 3.0 through 3.4.6 Description: The issue is related to the failure to neutralize instructions in dynamically executed code. Exploitation of this issue may allow an attacker to execute arbitrary code using the DYLD...
SUSE-SU-2024:0045-1 Security update for gcc13
This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided...
[SECURITY] Fedora 38 Update: python3.11-3.11.7-2.fc38
Python 3.11 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries...
[SECURITY] Fedora 38 Update: python3.12-3.12.1-2.fc38
Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable:...
Weak Hashing Algorithm
bsock is vulnerable to a Weak Hashing Algorithm. The vulnerable is due to the libraries usage of weak hashing algorithm MD5, SHA1 within vendor\faye-websocket.js. This could allow an attacker to break the confidentiality of the websocket communication...
Fedora: Security Advisory (FEDORA-2023-c61a7d5227)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-28872
Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\Temp\NcpSupport location...
Security Bulletin: IBM Storage Fusion HCI may be vulnerable to Injection, Regular Expression Denial of Service (ReDoS), and Arbitrary Code Execution and via use of postcss, semver, babel-traverse (CVE-2023-45133, CVE-2022-25883, CVE-2023-44270)
Summary JavaScript libraries postcss, semver, and babel-traverse are used by IBM Storage Fusion HCI's Web Interface. Vulnerabilities in these libraries could lead to Denial of Service and Arbitrary Code Injection as described the the CVEs listed in the "Vulnerability Details" section. Vulnerabili...
Security Bulletin: Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated.
Summary Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated. These vulnerabilities were fixed in the images published on December 01, 2023 but the CVEs were not included in the bulletin. Vulnerability Details CVEID:CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote...
Security Bulletin: Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated.
Summary Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated. Vulnerability Details CVEID:CVE-2023-1370 DESCRIPTION: netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By sending a specially crafted input, a...
DRUPAL-CONTRIB-2023-055
This module allows you to turn various data sources Eg CSV or JSON file into interactive visualisation. The DVF module provides a field storage, widget & formatter that can be added to any entity. This module uses two third-party JS libraries having from low to medium vulnerabilities. One of the...
openSUSE 15 Security Update : putty (openSUSE-SU-2023:0411-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2023:0411-1 advisory. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity...
[SECURITY] Fedora 38 Update: dotnet6.0-6.0.125-1.fc38
.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server
Summary IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 have been published in a security bulletin CVE-2015-8383, CVE-2015-8381, CVE-2015-8386, CVE-2015-8388, CVE-2015-8385, CVE-2015-8387, CVE-2015-8391, CVE-2015-8390, CVE-2015-839...
CVE-2023-21751
Azure DevOps Server Spoofing Vulnerability...
Design/Logic Flaw
Usage of user controlled LDLIBRARYPATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries...
catalog.citruslibraries.org Cross Site Scripting vulnerability OBB-3811424
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-31210
CVE-2023-31210 affects Checkmk 2.2.0p10 to 2.2.0p16, where a user-controlled LD_LIBRARY_PATH in the agent can be exploited by a malicious Checkmk site user to escalate privileges via injection of malicious libraries. The documents confirm the affected product (Checkmk), the vulnerable component (...
CVE-2023-31210 Privilege escalation in agent via LD_LIBRARY_PATH
Usage of user controlled LDLIBRARYPATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries...
CVE-2023-28465
The package-decompression feature in HL7 Health Level 7 FHIR Core Libraries before 5.6.106 allows attackers to copy arbitrary files to certain directories via directory traversal, if an allowed directory name is a substring of the directory name chosen by the attacker. NOTE: this issue exists...